Author: markt
Date: Mon Feb 1 19:47:13 2016
New Revision: 1727992
URL: http://svn.apache.org/viewvc?rev=1727992&view=rev
Log:
Fix a consistent unit test failure on OSX (no idea why it started to appear now)
Handle the case where the required TLS buffer increases after the connection
has been initiated.
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java
tomcat/trunk/webapps/docs/changelog.xml
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java?rev=1727992&r1=1727991&r2=1727992&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/SecureNioChannel.java Mon Feb
1 19:47:13 2016
@@ -558,18 +558,33 @@ public class SecureNioChannel extends Ni
if (unwrap.getStatus() == Status.BUFFER_UNDERFLOW) {
break;
}
- } else if (unwrap.getStatus() == Status.BUFFER_OVERFLOW && read >
0) {
- //buffer overflow can happen, if we have read data, then
- //empty out the dst buffer before we do another read
- break;
+ } else if (unwrap.getStatus() == Status.BUFFER_OVERFLOW) {
+ if (read > 0) {
+ // Buffer overflow can happen if we have read data. Return
+ // so the destination buffer can be emptied before another
+ // read is attempted
+ break;
+ } else {
+ // The SSL session has increased the required buffer size
+ // since the buffer was created.
+ if (dst ==
socket.getSocketBufferHandler().getReadBuffer()) {
+ // This is the normal case for this code
+ socket.getSocketBufferHandler().expand(
+
sslEngine.getSession().getApplicationBufferSize());
+ dst = socket.getSocketBufferHandler().getReadBuffer();
+ } else {
+ // Can't expand the buffer as there is no way to signal
+ // to the caller that the buffer has been replaced.
+ throw new IOException(
+ sm.getString("channel.nio.ssl.unwrapFail",
unwrap.getStatus()));
+ }
+ }
} else {
- //here we should trap BUFFER_OVERFLOW and call expand on the
buffer
- //for now, throw an exception, as we initialized the buffers
- //in the constructor
+ // Something else went wrong
throw new
IOException(sm.getString("channel.nio.ssl.unwrapFail", unwrap.getStatus()));
}
- } while ( (netInBuffer.position() != 0)); //continue to unwrapping as
long as the input buffer has stuff
- return (read);
+ } while (netInBuffer.position() != 0); //continue to unwrapping as
long as the input buffer has stuff
+ return read;
}
/**
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1727992&r1=1727991&r2=1727992&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Mon Feb 1 19:47:13 2016
@@ -99,6 +99,10 @@
New configuration option <code>ajpFlush</code> for the AJP connectors
to disable the sending of AJP flush packets. (rjung)
</add>
+ <fix>
+ Handle the case in the NIO connector where the required TLS buffer
sizes
+ increase after the connection has been initiated. (markt)
+ </fix>
</changelog>
</subsection>
</section>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
